Google abandons experiment to show simplified URLs in Chrome due to security concerns

Shawn Knight

Posts: 13,274   +132
Staff member
In a nutshell: Replacing long strings of letters, characters and symbols with “simplified domains” may have seemed like a good idea in theory, but in practice, it led to lots of confusion among users and made it easier for hackers to lay traps and carry out social engineering plots. As such, Google has abandoned the experiment altogether.

The project, originally implemented in June 2020, was championed by several folks at Google including Chrome security lead Emily Stark as a way to cut down on long and unintelligible URLs. In practice, however, it apparently proved counter-productive.

A post from Stark on the Chrome bug tracker website dated June 7, 2021, notes that the experiment “didn’t move relevant security measures,” and that they weren’t going to launch it.

As Thurrott correctly highlights, automatically shortening URLs made phishing and other forms of social engineering easier. It also contributed to confusion among some users. So while shorter URLs may have looked more aesthetically pleasing, they were actually doing more harm than good.

This isn’t the first time Google has tinkered with URLs. Experiments to shorten URLs date back to at least 2014 when the company toyed with a feature it called the Origin Chip. That project was eventually dropped, but in 2018, the tech titan worked to remove the 'http://' and 'https://' prefixes from URLs.

Image credit 13_Phunkod

Permalink to story.

 

arrowflash

Posts: 430   +466
Only someone totally ignorant of security would ever have thought this was a good idea. And this is who they put in charge of browser security, because diversity.

From their tweets and forum posts we can also notice the arrogance and hubris of these devs. They still think they know better. These are the people in charge of what's still the most important tools for using the internet.

This is one of the reasons why as I often say, all modern web browsers suck. Some suck more, others suck less, but they all suck.
 

Trapped Nowhere

Posts: 73   +63
Only someone totally ignorant of security would ever have thought this was a good idea. And this is who they put in charge of browser security, because diversity.
Doesn't seem like they wouldn't still research the effects of having it. How would diversity change this decision? Google tries dumb stuff a fair amount.
 

wiyosaya

Posts: 6,101   +4,341
Only someone totally ignorant of security would ever have thought this was a good idea. And this is who they put in charge of browser security, because diversity.
Only someone totally ignorant would think that gagme gives a :poop: about browser security. I don't think gagme gives a :poop: about browser security. gagme is still spying on you when you use chrome - the data they glean is their bread and butter. No modern capitalist company would deliberately jeopardize their profit stream. gagme is just trying to make you think that they actually give a :poop: about browser security. I am willing to bet that browser security is one of their lowest priorities.

And "diversity" has nothing to do with it, as I see it. IMO, it is all about one thing - profit.